US8411448B2 - Security protection device and method - Google Patents

Security protection device and method Download PDF

Info

Publication number
US8411448B2
US8411448B2 US12/875,810 US87581010A US8411448B2 US 8411448 B2 US8411448 B2 US 8411448B2 US 87581010 A US87581010 A US 87581010A US 8411448 B2 US8411448 B2 US 8411448B2
Authority
US
United States
Prior art keywords
security
circuit board
frame
protection device
wiring layer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active - Reinstated, expires
Application number
US12/875,810
Other languages
English (en)
Other versions
US20110048756A1 (en
Inventor
Shuxian Shi
Hongtao Sun
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PAX Computer Technology Shenzhen Co Ltd
Original Assignee
PAX Computer Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by PAX Computer Technology Shenzhen Co Ltd filed Critical PAX Computer Technology Shenzhen Co Ltd
Assigned to PAX COMPUTER TECHNOLOGY (SHENZHEN) CO., LTD. reassignment PAX COMPUTER TECHNOLOGY (SHENZHEN) CO., LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: SHI, SHUXIAN, SUN, HONGTAO
Publication of US20110048756A1 publication Critical patent/US20110048756A1/en
Priority to US13/784,297 priority Critical patent/US8953330B2/en
Application granted granted Critical
Publication of US8411448B2 publication Critical patent/US8411448B2/en
Active - Reinstated legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H05ELECTRIC TECHNIQUES NOT OTHERWISE PROVIDED FOR
    • H05KPRINTED CIRCUITS; CASINGS OR CONSTRUCTIONAL DETAILS OF ELECTRIC APPARATUS; MANUFACTURE OF ASSEMBLAGES OF ELECTRICAL COMPONENTS
    • H05K7/00Constructional details common to different types of electric apparatus
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/86Secure or tamper-resistant housings
    • G06F21/87Secure or tamper-resistant housings by means of encapsulation, e.g. for integrated circuits
    • HELECTRICITY
    • H05ELECTRIC TECHNIQUES NOT OTHERWISE PROVIDED FOR
    • H05KPRINTED CIRCUITS; CASINGS OR CONSTRUCTIONAL DETAILS OF ELECTRIC APPARATUS; MANUFACTURE OF ASSEMBLAGES OF ELECTRICAL COMPONENTS
    • H05K5/00Casings, cabinets or drawers for electric apparatus
    • H05K5/02Details
    • H05K5/0208Interlock mechanisms; Means for avoiding unauthorised use or function, e.g. tamperproof

Definitions

  • the present disclosure relates to methods and devices for electronic circuit protection and, more specifically, relates to protecting data stored in electronic components on a circuit board.
  • an anti-tampering method for protecting sensitive data uses several printed circuit boards to form an anti-tampering enclosure to enclose a protected region containing the sensitive data.
  • the anti-tampering enclosure includes a base printed circuit board, which is peripherally enclosed by one or more additional printed circuit boards and is covered by yet another printed circuit board.
  • the printed circuit boards included in the anti-tampering enclosure are configured as a multilayered structure, such that the enclosure has gaps between the layers. As a result, an attacker may be
  • the present disclosure relates to methods and devices for electronic circuit protection and, more specifically, relates to protecting data stored in electronic components on a circuit board.
  • an anti-tampering method for protecting sensitive data uses several printed circuit boards to form an anti-tampering enclosure to enclose a protected region containing the sensitive data.
  • the anti-tampering enclosure includes a base printed circuit board, which is peripherally enclosed by one or more additional printed circuit boards and is covered by yet another printed circuit board.
  • the printed circuit boards included in the anti-tampering enclosure are configured as a multilayered structure, such that the enclosure has gaps between the layers. As a result, an attacker may be able to gain access to the protected region through the gaps, and thus security risks still remain.
  • the present disclosure includes an exemplary security protection device including a cover circuit board, at least one inner wiring layer being included within the cover circuit board.
  • the device also includes a base circuit board, at least one inner wiring layer being included within the base circuit board.
  • the device further includes a security frame between the base circuit board and the cover circuit board, at least one electrically conductive wire being wound and included within the security frame to form at least one winding protection layer around sides of the security frame.
  • the cover circuit board, the security frame, and the base circuit board form an enclosure enclosing a security zone, and the at least one inner wiring layer within the cover circuit board, the at least one inner wiring layer within the base circuit board, and the at least one electrically conductive wire within the security frame are connectable to a security mechanism configured to detect an intrusion into the security zone.
  • FIG. 1A illustrates a block diagram of an embodiment of an exemplary system.
  • FIG. 1B illustrates a block diagram of another embodiment of an exemplary system.
  • FIG. 2 is an exploded view schematic diagram illustrating an exemplary structure of the security protection device in the exemplary systems of FIGS. 1A and 1B .
  • FIG. 3 is a schematic diagram illustrating an exemplary structure of a security frame shown in FIG. 2 .
  • FIG. 4 is a schematic diagram illustrating an exemplary structure of an inner frame of the security frame of FIGS. 2 and 3 .
  • FIG. 5 is a functional diagram illustrating an exemplary configuration of electrical connections for the security protection device of FIG. 2 .
  • FIG. 6 is a functional block diagram of an exemplary configuration of the electrical connections shown in FIG. 5 .
  • Exemplary embodiments disclosed herein are directed to methods and devices for protection of data stored in an electronic component mounted on a circuit board against attacks, including against attacks from a side direction.
  • Security protection devices disclosed herein are configured to overcome one or more of the above-mentioned deficiencies of existing anti-tampering technologies.
  • Security protection devices consistent with some embodiments include, among other things, a base circuit board, a cover circuit board, and a security frame having at least one winding wire embedded therein.
  • the security frame is located between the base circuit board and the cover circuit board, and is combined with the cover circuit board and the base circuit board to form an enclosure enclosing a security zone.
  • the security frame includes, among other things, at least one electrically conductive wire wound around an inner frame and coupled to a security mechanism configured to detect an intrusion.
  • FIG. 1A illustrates a block diagram of an embodiment of an exemplary system 100 .
  • Exemplary system 100 may be any type of electronic system that receives, processes, and/or stores data.
  • Exemplary system 100 may include, among other things, an electronic device 102 , one or more input/output (I/O) devices 104 , and a display 106 . It is understood that devices shown in FIG. 1A are for illustrative purposes only. Certain devices may be removed or combined and other devices may be added.
  • Electronic device 102 can be a hardware device such as a point-of-sale (POS) terminal, an electronic cash register, a computer, a PDA, a cell phone, a laptop, a desktop, or any other electronic device that is capable of receiving data from an I/O device or a data network, processing, and/or storing the received data.
  • Electronic device 102 can include software applications to communicate with and receive data from an I/O device (e.g., I/O devices 104 ), or from a data server, an enterprise server, or any other type of computer server through, in some embodiments, a data network.
  • I/O device e.g., I/O devices 104
  • electronic device 102 can be a POS terminal, for example, a countertop POS terminal or a mobile/portable POS terminal, which can capture and process selling and payment information and manage sale transactions.
  • a POS terminal can record and track customer orders, process credit and debit card payments, connect to other systems in a network, and manage inventories.
  • electronic device 102 can also include a processor 108 and a memory 110 .
  • Processor 108 can be a hardware device that is capable of executing instructions of computer programs and carrying out functions of electronic device 102 , e.g., receiving, processing, and/or storing data.
  • Processor 108 can be, for example, a central processing unit (CPU), a microprocessor, a single processor, or multiple processors.
  • Memory 110 of electronic device 102 can be a storage device such as a volatile or non-volatile memory, a random-access memory (RAM), a dynamic RAM (DRAM), a static RAM (SRAM), a read-only memory (ROM), an erasable programmable read only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), a flash memory, or any other storage device capable of storing data processed by processor 108 and data sent to or received from an I/O device, e.g., I/O devices 104 .
  • RAM random-access memory
  • DRAM dynamic RAM
  • SRAM static RAM
  • ROM read-only memory
  • EPROM erasable programmable read only memory
  • EEPROM electrically erasable programmable read-only memory
  • flash memory or any other storage device capable of storing data processed by processor 108 and data sent to or received from an I/O device, e.g., I/O devices 104 .
  • sensitive components 112 of electronic device 102 temporarily or permanently store data and are enclosed within a security protection device 114 that is configured to protect the data from attacks or tampering.
  • Security protection device 114 will be further described below.
  • I/O devices 104 can be any hardware devices capable of passing information to or receiving data from processor 108 .
  • I/O devices 104 may be optical and bar code scanners, magnetic card readers, keyboards, network cards coupled to a data network, or any combination of these devices that can capture and/or receive information. Some of the captured and/or received information may be sensitive data, for example, banking information, passwords, registration codes, and etc., and may be processed by or stored in electronic components that are enclosed in security protection device 114 .
  • I/O devices 104 can be located within electronic device 102 , local to electronic device 102 , or remote from electronic device 102 .
  • Display 106 is a display device for displaying a graphical user interface, instruction/feedback, or other information for facilitating interface with electronic device 102 .
  • display 106 can be provided as a television set, a computer monitor, a projector, a display panel, and any other display device.
  • Display 106 can be located within electronic device 102 , local to electronic device 102 , or remote from electronic device 102 .
  • FIG. 1B illustrates a block diagram of another embodiment of an exemplary system 120 .
  • sensitive components 112 of electronic device 102 include processor 108 , memory 110 , and other electronic components that process data, and/or temporarily or permanently store data.
  • Sensitive components 112 including processor 108 and memory 110 are enclosed within security protection device 114 .
  • the features and configuration of system 120 are otherwise similar to or the same as those described above and shown in FIG. 1A with respect to system 100 .
  • FIG. 2 illustrates an exploded view schematic diagram of an exemplary structure of security protection device 114 in exemplary systems 100 and 120 of FIGS. 1A and 1B , respectively.
  • Security protection device 114 is configured to protect sensitive data stored in one or more electronic components mounted on a circuit board from attacks or tampering.
  • Security protection device 114 includes a cover circuit board 210 , a security frame 220 , and a base circuit board 230 .
  • the various illustrated components of exemplary security protection device 114 may be provided as discrete components, be combined, or be arranged in different configurations. Also, additional components may be included, and different materials may be used.
  • cover circuit board 210 and base circuit board 230 can be any type of circuit board for mechanically supporting and electrically connecting electronic components using conductive pathways, and can have one or more wiring layers connecting electronic components.
  • cover circuit board 210 and base circuit board 230 can be any type of printed circuit board.
  • Cover circuit board 210 and base circuit board 230 can each have one or more electronic components mounted thereon.
  • electronic components mounted on base circuit board 230 or cover circuit board 210 include the one or more sensitive components 112 for processing and/or temporarily or permanently storing sensitive data mounted within a security zone 234 .
  • Base circuit board 230 or cover circuit board 210 may also include a security mechanism for detecting an intrusion and automatically destroying or erasing the sensitive data.
  • the security mechanism can include, among other things, one or more intrusion detection circuits, e.g., one or more intrusion detection circuits 236 , to detect an intrusion by an attacker, and a self-destruct mechanism 240 to automatically destroy or erase the sensitive data if activated.
  • intrusion detection circuit 236 includes self-destruct mechanism 240 .
  • some components of the security mechanism can be located inside or outside of security zone 234 .
  • some components of the security mechanism can be located on or off base circuit board 230 .
  • the security mechanism or some components of the security mechanism can be mounted on cover circuit board 210 .
  • Cover circuit board 210 and base circuit board 230 may include one or more electronically conductive inner wiring layers 212 and 232 , respectively.
  • the one or more electronically conductive inner wiring layers 212 and 232 can form one or more protection layers and/or extend over the entire area of cover circuit board 210 and base circuit board 230 , respectively.
  • Inner wiring layers 212 and 232 are connected to one or more intrusion detection circuits 236 by, for example, welding, patching, or mechanically connecting.
  • Either or both of inner wiring layers 212 and 232 may include, for example, layered wire meshes (e.g., one or more mesh layers). Any known wiring methods may be used.
  • either or both of inner wiring layers 212 and 232 can include two parallel windings, one connecting to a high-level voltage, and the other one connecting to a low-level voltage.
  • either or both of inner wiring layers 212 and 232 may include one or more winding wires.
  • cover circuit board 210 may include one or more electrical contacts 214 on its underside for electrically connecting conductive components to inner wiring layer 212 .
  • Base circuit board 230 may also include one or more electrical contacts 238 on its front side for electrically connecting conductive components to the one or more intrusion detection circuits 236 mounted on base circuit board 230 directly or indirectly (e.g., through inner wiring layer 232 or a separate conductive path).
  • Security frame 220 can be any type of material that has one or more of a high melting point, chemical resistance, and drill resistance.
  • security frame 220 can be made of thermosetting plastic, metal, or bakelite.
  • Security frame 220 is located between cover circuit board 210 and base circuit board 230 , and has a wall-like shape configured to surround security zone 234 .
  • security frame 220 can be combined with cover circuit board 210 and base circuit board 230 to form an enclosure enclosing security zone 234 as an enclosed space. Security zone 234 is thus sandwiched between cover circuit board 210 and base circuit board 230 , and surrounded by security frame 220 .
  • security frame 220 may have one or more electrically conductive winding wires (not shown in FIG. 2 ) embedded therein and connected to one or more intrusion detection circuits 236 .
  • a plurality of connectors (pins) 222 are mounted in and pass through security frame 220 .
  • connectors 222 connect and, optionally, attach, cover circuit board 210 to base circuit board 230 together.
  • Connectors 222 can be any type of electrically conductive material, and can directly or indirectly electrically connect inner wiring layer 212 of cover circuit board 210 to one or more intrusion detection circuits 236 .
  • one or more intrusion detection circuits 236 may be mounted on cover circuit board 210 , and connectors 222 can directly or indirectly electrically connect inner wiring layer 232 of base circuit board to the one or more intrusion detection circuits 236 .
  • Connectors 222 can be, for example, but are not limited to, a soft conductive material such as a conductive rubber or a hard conductive material such as a board-to-board connector. In some embodiments, connectors 222 can electrically connect inner wiring layer 212 of cover circuit board 210 to inner wiring layer 232 of base circuit board 230 , through electrical contacts 214 and 238 . In some embodiments, for example, connectors 222 connect to one or more intrusion detection circuits 236 mounted on base circuit board 230 through inner wiring layer 232 . In some embodiments, each of connectors 222 and electrical contacts 214 and 238 can be configured to have a multi-layered structure including a plurality of conductive layers and a plurality of insulation layers.
  • each conductive layer is separated by an insulation layer from another conductive layer, such that each of connectors 222 and electrical contacts 214 and 238 can be configured to be pathways for one or more electrical connections.
  • some conductive layers can be configured to receive output signals from an intrusion detection circuit and other conductive layers can be configured to transmit input signals to the intrusion detection circuit.
  • security protection device 114 includes an additional set of cover circuit board 210 , security frame 220 , and connectors 222 .
  • Additional cover circuit board 210 can be combined with additional security frame 220 to form an enclosure covering a back side or underside of security zone 234 .
  • the enclosure can be mounted on a back side or underside of base circuit board 230 .
  • Additional connectors 222 can electrically connect inner wiring layer 212 of additional cover circuit board 210 to inner wiring layer 232 of base circuit board 230 .
  • additional connectors 222 connect to one or more intrusion detection circuits 236 mounted on base circuit board 230 through inner wiring layer 232 .
  • the additional set of cover circuit board 210 , security frame 220 , and connectors 222 can be configured similarly to the configuration described above and shown in FIG. 2 , and can provide additional security protection to the sensitive data from the back side or underside of security zone 234 .
  • security protection device 114 can be engaged or fastened together by any means.
  • the components can be fixed together by screws.
  • FIG. 3 illustrates a schematic diagram of an exemplary structure of security frame 220 of security protection device 114 in FIG. 2 .
  • Security frame 220 may include, among other things, an inner frame 302 , one or more winding wires (not shown in FIG. 3 ) embedded inside security frame 220 , and an outer frame 304 .
  • the illustrated configuration of security frame 220 is exemplary only, and the various illustrated components may be provided as discrete components, be combined, or be arranged in different configurations. Also, additional components may be included, and different materials may be used.
  • Inner frame 302 and outer frame 304 can be any type of material that has one or more of a high melting point, chemical resistance, and drill resistance.
  • frames 302 and 304 can be made of thermosetting plastic, metal, or bakelite.
  • outer frame 304 may be composed of a type of material that has one or more of a high melting point, chemical resistance, and drill resistance, while inner frame 302 is not so composed.
  • outer frame 304 can be made of thermosetting plastic or bakelite
  • inner frame 302 can be made of acrylonitrile butadiene styrene (ABS) plastic, thermosetting plastic, metal, bakelite, or other material.
  • ABS acrylonitrile butadiene styrene
  • each of frames 302 and 304 can be fabricated/manufactured by any process and/or method, for example, by injection molding.
  • Inner frame 302 can be configured to form a wall to surround security zone 234 shown in FIG. 2 .
  • One or more winding wires (not shown in FIG. 3 ) can be wound around inner frame 302 .
  • outer frame 304 can be fabricated to surround inner frame 302 having the one or more winding wires wound around it.
  • outer frame 304 and inner frame 302 with the one or more winding wires can be combined together by, for example, injection molding, to form a solidified whole. As a result of these various fabrication methods, the winding wire or wires are contained or embedded between inner frame 302 and outer frame 304 .
  • FIG. 4 illustrates a schematic diagram of an exemplary structure of inner frame 302 of security frame 220 of FIGS. 2 and 3 .
  • inner frame 302 has one or more winding wires 402 wound around it.
  • inner frame 302 can be configured to have a plurality of vertical channels 404 for connectors 222 to respectively pass through.
  • the illustrated configuration of inner frame 302 with one or more winding wires 402 is exemplary only, and the various illustrated components may be provided as discrete components, be combined, or be arranged in different configurations. Also, additional components may be included, and different materials may be used.
  • Winding wire 402 can be any type of electrically conductive wire and can interconnect with intrusion detection circuit 236 .
  • winding wire 402 can be made of metal.
  • winding wire 402 can be an enameled wire.
  • one or more winding wires 402 can be embedded inside security frame 220 shown in FIGS. 2 and 3 .
  • one or more winding wires 402 can be evenly wound around inner frame 302 and form one or more winding protection layers covering or surrounding side surfaces of inner frame 302 .
  • the one or more winding protection layers may include, for example, layered wire meshes (e.g., one or more mesh layers).
  • the one or more winding protection layers extend over the entire area of the side surfaces of inner frame 302 .
  • the windings can be parallel windings, vertical windings, or cross windings. In some embodiments, if more than one winding wire 402 is used, the windings can be wound evenly around inner frame 302 at the same time during production.
  • one or more terminals (endpoints) 406 and 408 of winding wire 402 may be located on an inner side of inner frame 302 , and can directly or indirectly connect to intrusion detection circuit 236 by any means. For example, winding wire terminals 406 and 408 can connect to intrusion detection circuit 236 by welding, patching, or mechanically connecting.
  • inner frame 302 can be configured to have a plurality of vertical channels 404 .
  • Each of channels 404 in inner frame 302 can be any type of opening configured for connector 222 to pass therethrough.
  • Each of connectors 222 can pass through each of channels 404 , respectively, to connect to one or more intrusion detection circuits 236 .
  • inner frame 302 may not include channels 404 , and connector 222 may be, for example, a board-to-board connector, which does not need to be mounted in or pass through inner frame 302 .
  • FIG. 5 is a functional diagram illustrating an exemplary configuration of electrical connections for security protection device 114 of FIG. 2 .
  • the exemplary configuration can be altered to delete electrical connections, change routes of electrical connections, or include additional electrical connections.
  • the dotted lines in FIG. 5 only illustrate exemplary connectivity between components.
  • each dotted line may represent several actual connections including, for example, one connection coupled to a high-level voltage (or an output signal), and another connection coupled to a low-level voltage (or an input signal).
  • One or more dotted lines may form a closed circuit.
  • a plurality of same/similar components e.g., one or more inner wiring layers 212 and 232 , one or more winding wires in each of inner wiring layers 212 and 232 , a plurality of connectors 222 , one or more winding wires 402 embedded in security frame 220 , one or more intrusion detection circuits 236 , and etc., of security protection device 114 , although only configurations of electrical connections for one such component are shown, similar configurations can be made to other same/similar components.
  • connector 222 connects inner wiring layer 212 of cover circuit board 210 to intrusion detection circuit 236 mounted on base circuit board 230 . More specifically, on base circuit board 230 , intrusion detection circuit 236 connects ( 502 ) to electrical contact 238 , which connects ( 504 ) connector 222 . In some embodiments, intrusion detection circuit 236 can connect ( 502 ) to electrical contact 238 through inner wiring layer 232 . In some embodiments, intrusion detection circuit 236 can connect ( 502 ) to electrical contact 238 through one or more wires buried/embedded within base circuit board 230 . On cover circuit board 210 , electrical contact 214 connects ( 506 ) connector 222 and interconnects ( 508 ) with terminals (endpoints) of inner wiring layer 212 .
  • Inner wiring layer 212 , electrical contact 214 , connector 222 , electrical contact 238 , intrusion detection circuit 236 , and connections 502 - 508 can form a closed circuit. If any part of the connections/components is disconnected or shorted, an open circuit or a short circuit can be formed, and the above described security mechanism can be triggered, e.g., triggering intrusion detection circuit 236 , and thus activating self-destruct mechanism 240 to destroy and/or erase the data stored in electronic components, e.g., sensitive components 112 , mounted within security zone 234 .
  • Cover circuit board 210 is configured to protect the electronic components mounted within security zone 234 against attacks from the top of security protection device 114 .
  • a winding wire of inner wiring layer 212 may be disconnected or shorted, causing an open circuit or a short circuit, and thus triggering the security mechanism.
  • Each connector 222 is configured to protect the electronic components mounted within security zone 234 against attacks attempting to uncover or loosen cover circuit board 210 and/or base circuit board 230 of security protection device 114 .
  • Each connector 222 not only connects signals between cover circuit board 210 and base circuit board 230 , but also acts as a pressure sensor. If an attacker uncovers either cover circuit board 210 or base circuit board 230 , connector 222 is loosened, causing an open/short circuit, and thus triggering the security mechanism.
  • intrusion detection circuit 236 connects ( 510 ) to terminals 406 and 408 of winding wire 402 (not shown in FIG. 5 ) embedded in security frame 220 .
  • Intrusion detection circuit 236 , terminals 406 and 408 , winding wire 402 , and connection 510 form a closed circuit.
  • winding wire 402 connects inner wiring layer 212 of cover circuit board 210 to intrusion detection circuit 236 directly or indirectly (e.g., through one of connectors 222 ), and forms a closed circuit.
  • the security mechanism is triggered to destroy and/or erase the data stored in the electronic components, e.g., sensitive components 112 , mounted within security zone 234 .
  • Winding wire 402 wound around inner frame 302 of security frame 220 is configured to protect the electronic components mounted within security zone 234 against attacks from a side direction of security protection device 114 .
  • winding wire 402 may be disconnected or shorted, causing an open circuit or a short circuit, and thus trigger the security mechanism.
  • winding wire 402 can protect against attacks to any of connectors 222 from a side direction. Because each of connectors 222 is located within security zone 234 or in an inner portion—e.g., channel 404 located inside inner frame 302 as shown in FIG. 4 —of inner frame 302 of security frame 220 , each connector 222 can be protected by winding wire 402 wound around inner frame 302 . If an attacker attacks any of connectors 222 from a side direction, winding wire 402 may be disconnected or shorted, causing an open circuit or a short circuit, and thus trigger the security mechanism.
  • Intrusion detection circuit 236 connects ( 512 ) to inner wiring layer 232 of base circuit board 230 .
  • Intrusion detection circuit 236 , inner wiring layer 232 , and connection 512 can form a closed circuit. If any part of the connection/components is disconnected or shorted, the security mechanism is triggered to destroy and/or erase the data stored in the electronic components, e.g., sensitive components 112 , mounted within security zone 234 .
  • Base circuit board 230 is configured to protect the electronic components mounted within security zone 234 against attacks from the bottom of security protection device 114 .
  • the winding wire of inner wiring layer 232 may be disconnected or shorted, causing an open circuit or a short circuit, and thus trigger the security mechanism.
  • FIG. 6 is a functional block diagram of an exemplary configuration of the electrical connections shown in FIG. 5 .
  • the illustrated configuration of intrusion detection circuit 236 is exemplary only, and its various illustrated components may be provided as discrete components, be combined, or be arranged in different configurations. Also, additional components may be included, and different materials may be used.
  • the exemplary configuration of electrical connections can be altered to delete electrical connections, change routes of electrical connections, or include additional electrical connections. Further, a reference number followed by an input or output indicator (e.g., “in” and “out”) for each electrical connection corresponds to an exemplary connection in FIG. 5 with the same reference number.
  • intrusion detection circuit 236 may include a plurality of security sensors, e.g., sensors 602 , 604 , and 606 .
  • Each of the security sensors may include, but is not limited to, for example, one or more temperature sensors for detecting temperature changes relative to a predefined range, one or more voltage sensors for detecting electrical voltage changes relative to a predefined range, and/or one or more tamper sensors for detecting electrical resistance changes relative to a predefined range.
  • the security mechanism includes more than one intrusion detection circuits 236 , and each intrusion detection circuit 236 is a security sensor.
  • Each of the security sensors may include an output port (pin) and/or an input port (pin) connecting to one or more components of security protection device 114 to form a closed circuit.
  • each of sensors 602 , 604 , and 606 is configured to monitor the connection(s) and detect an intrusion by detecting a disconnected or shorted circuit and/or detecting, e.g., temperature, voltage, and/or resistance changes that are outside the predefined ranges.
  • Intrusion detection circuit 236 may be coupled to or include self-destruct mechanism 240 for destroying and/or erasing data stored in electronic components, e.g., sensitive components 112 , mounted within security zone 234 , upon detecting an intrusion.
  • sensor 602 of intrusion detection circuit 236 sends ( 502 -out) a random signal, e.g., an arbitrary pulse sequence, on its output port.
  • the signal travels to ( 502 -out) electrical contact 238 on base circuit board 230 , to ( 504 -out) connector 222 passing through security frame 220 , to ( 506 -out) electrical contact 214 on cover circuit board 210 , and to a terminal of inner wiring layer 212 of cover circuit board 210 .
  • the signal is outputted from inner wiring layer 212 through another terminal, continues to ( 508 -in) electrical contact 214 , to ( 506 -in) connector 222 , and to ( 504 -in) electrical contact 238 .
  • the signal returns ( 502 -in) to the input port of sensor 602 .
  • connector 222 connects to sensor 602 through inner wiring layer 232 of base circuit board 230 , and the return or input signal travels along the connection route accordingly.
  • each of connector 222 and electrical contacts 214 and 238 can be configured to have a multi-layered structure.
  • One of the conductive layers of the multi-layered structure serves as an input port for receiving an output signal from a sensor (e.g., sensor 602 ) of intrusion detection circuit 236 , while another one of the conductive layers serves as an output port for passing an input signal to the sensor.
  • Sensor 602 monitors the signal sent and/or the signal received.
  • the input value e.g., a temperature value, a voltage level, or a resistance value
  • a security interrupt is generated, and self-destruct mechanism 240 is triggered to destroy and/or erase data stored in electronic components mounted within security zone 234 .
  • a winding wire within circuit board 210 may be disconnected or shorted, causing a change in a voltage signal level or an electrical resistance value, and thus triggering self-destruct mechanism 240 .
  • connector 222 may be loosened to create an open/short circuit, causing a change in a voltage signal level or an electrical resistance value, and thus triggering self-destruct mechanism 240 .
  • Sensor 604 of intrusion detection circuit 236 sends ( 510 -out) a random signal on its output port.
  • the signal travels to ( 510 -out) a terminal (e.g., terminal 406 ) of winding wire 402 embedded in security frame 220 , is outputted on another terminal (e.g., terminal 408 ) of winding wire 402 , and returns to ( 510 -in) the input port of sensor 604 .
  • winding wire 402 connects inner wiring layer 212 of cover circuit board 210 to intrusion detection circuit 236 directly or indirectly (e.g., through one of connectors 222 ), and the signal sent by sensor 604 travels along the connections similarly to those described above.
  • Sensor 604 monitors the signal sent and/or the signal received.
  • a security interrupt is generated, and self-destruct mechanism 240 is triggered to destroy and/or erase data stored in electronic components mounted within security zone 234 .
  • winding wire 402 may be disconnected or shorted, causing a change in a voltage signal level or an electrical resistance value, and thus triggering self-destruct mechanism 240 .
  • Sensor 606 of intrusion detection circuit 236 sends ( 512 -out) a random signal on its output port.
  • the signal travels to ( 512 -out) a terminal of inner wiring layer 232 of base circuit board 230 , is outputted on another terminal of inner wiring layer 232 , and returns to ( 512 -in) to the input port of sensor 606 .
  • Sensor 606 monitors the signal sent and/or the signal received.
  • a security interrupt is generated, and self-destruct mechanism 240 is triggered to destroy and/or erase data stored in electronic components mounted within security zone 234 .
  • a winding wire of inner wiring layer 232 may be disconnected or shorted, causing a change in a voltage signal level, and thus triggering self-destruct mechanism 240 .
  • At least one of sensors 602 , 604 , and 606 may be able to detect an intrusion without sending or receiving a signal to/from one of the above described connections.
  • the at least one of sensors 602 , 604 , and 606 may detect an intrusion by judging information acquired from one of the above described connections, for example, by judging an electrical resistance value or a voltage value acquired from a portion of a connection to determine if the resistance or voltage value satisfies predetermined criteria.
  • An exemplary process for manufacturing security protection device 114 and its components illustrated in FIGS. 2-5 can include the following steps: defining security zone 234 having one or more electronic components mounted therein; forming inner frame 302 based on requirements for a specific application, for example, based on a size of security zone 234 ; winding one or more electrically conductive winding wires 402 around inner frame 302 ; forming and combining outer frame 304 with inner frame 302 having winding wires 402 wound around it to form security frame 220 ; forming an enclosure for enclosing security zone 234 by sandwiching security frame 220 between cover circuit board 210 and base circuit board 230 ; electrically and mechanically connecting cover circuit board 210 , base circuit board 230 , and winding wires 402 to a security mechanism such as described above.
  • Inner wiring layers 212 and 232 and winding wire 402 carry electrical currents and form one or more protection layers enclosing security zone 234 and electronic components (carrying information/data to be protected) mounted therein.
  • the exemplary manufacturing process can be altered to delete steps, change the order of steps, or include additional steps.
  • Security protection devices consistent with embodiments disclosed herein have advantages over existing technologies.
  • the electrically conductive wire is embedded inside the security frame of a security protection device, is wound around the inner frame, and thus forms one or more winding protection layers around sides of the security protection device.
  • the winding around the inner frame can be made more dense, to heighten the security relative to existing technologies that uses printed circuit boards, which have gaps between layers of circuit boards.
  • the security protection device disclosed herein can also reduce production costs and can be manufactured using known wire winding technologies. Therefore, security protection devices consistent with embodiments disclosed herein have advantages of high security and reduced costs.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Burglar Alarm Systems (AREA)
  • Structure Of Printed Boards (AREA)
US12/875,810 2009-09-03 2010-09-03 Security protection device and method Active - Reinstated 2031-06-28 US8411448B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US13/784,297 US8953330B2 (en) 2009-09-03 2013-03-04 Security protection device and method

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN200920162831U 2009-09-03
CN200920162831.3U CN201532635U (zh) 2009-09-03 2009-09-03 一种安全保护装置
CN200920162831.3 2009-09-03

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US13/784,297 Continuation US8953330B2 (en) 2009-09-03 2013-03-04 Security protection device and method

Publications (2)

Publication Number Publication Date
US20110048756A1 US20110048756A1 (en) 2011-03-03
US8411448B2 true US8411448B2 (en) 2013-04-02

Family

ID=42528036

Family Applications (2)

Application Number Title Priority Date Filing Date
US12/875,810 Active - Reinstated 2031-06-28 US8411448B2 (en) 2009-09-03 2010-09-03 Security protection device and method
US13/784,297 Active 2030-11-24 US8953330B2 (en) 2009-09-03 2013-03-04 Security protection device and method

Family Applications After (1)

Application Number Title Priority Date Filing Date
US13/784,297 Active 2030-11-24 US8953330B2 (en) 2009-09-03 2013-03-04 Security protection device and method

Country Status (2)

Country Link
US (2) US8411448B2 (zh)
CN (1) CN201532635U (zh)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130161086A1 (en) * 2011-12-23 2013-06-27 Compagnie Industrielle Et Financiere D'ingenierie "Ingenico" Device for Protecting an Electronic Printed Circuit Board
US20140027028A1 (en) * 2012-07-27 2014-01-30 Johnson Electric S.A. Security wrap
US8730715B2 (en) * 2012-03-26 2014-05-20 Honeywell International Inc. Tamper-resistant MRAM utilizing chemical alteration
US10007811B2 (en) 2015-02-25 2018-06-26 Private Machines Inc. Anti-tamper system
US10678958B2 (en) 2015-12-28 2020-06-09 Intelligent Technologies International, Inc. Intrusion-protected memory component

Families Citing this family (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8250617B2 (en) 1999-10-29 2012-08-21 Opentv, Inc. System and method for providing multi-perspective instant replay
CN102289623A (zh) * 2011-09-02 2011-12-21 湖南国安思科计算机系统有限公司 防失密笔记本电脑
CN102750481A (zh) * 2012-06-15 2012-10-24 天地融科技股份有限公司 电平输出装置、可自毁的动态密码生成装置、自毁方法
CN105051751B (zh) * 2012-12-07 2019-01-01 科瑞坡特拉股份公司 用于保护电路组件免受未授权访问的安全模块
US9760881B2 (en) * 2013-04-30 2017-09-12 Partner Tech Corp Portable e-pay system and method
TWI505208B (zh) * 2013-04-30 2015-10-21 Partner Tech Corp 可攜式電子收費系統與方法
US10078764B2 (en) * 2013-07-11 2018-09-18 Cryptera A/S Tamper responsive sensor
US9154138B2 (en) 2013-10-11 2015-10-06 Palo Alto Research Center Incorporated Stressed substrates for transient electronic systems
US8955130B1 (en) * 2014-04-10 2015-02-10 Zephyr Technology Co., Limited Method for protecting vehicle data transmission system from intrusions
WO2016095996A1 (en) * 2014-12-17 2016-06-23 Arcelik Anonim Sirketi Pos device memory module protection and access control system
US9780044B2 (en) 2015-04-23 2017-10-03 Palo Alto Research Center Incorporated Transient electronic device with ion-exchanged glass treated interposer
FR3036211B1 (fr) * 2015-05-11 2017-06-09 Ingenico Group Detection d'ouverture d'un dispositif de saisie de donnees
FR3043231B1 (fr) * 2015-11-03 2017-12-22 Ingenico Group Corps de lecteur de carte a memoire a treillis de protection recto-verso
US9565021B1 (en) 2015-11-16 2017-02-07 International Business Machines Corporation Shape actuation encapsulant of a cryptographic module
US10012250B2 (en) 2016-04-06 2018-07-03 Palo Alto Research Center Incorporated Stress-engineered frangible structures
US10224297B2 (en) * 2016-07-26 2019-03-05 Palo Alto Research Center Incorporated Sensor and heater for stimulus-initiated fracture of a substrate
US10026579B2 (en) 2016-07-26 2018-07-17 Palo Alto Research Center Incorporated Self-limiting electrical triggering for initiating fracture of frangible glass
US10251260B1 (en) * 2016-08-29 2019-04-02 Square, Inc. Circuit board to hold connector pieces for tamper detection circuit
US10192076B1 (en) 2016-08-29 2019-01-29 Square, Inc. Security housing with recesses for tamper localization
US10595400B1 (en) 2016-09-30 2020-03-17 Square, Inc. Tamper detection system
US10903173B2 (en) 2016-10-20 2021-01-26 Palo Alto Research Center Incorporated Pre-conditioned substrate
US10504096B1 (en) 2017-04-28 2019-12-10 Square, Inc. Tamper detection using ITO touch screen traces
US10026651B1 (en) 2017-06-21 2018-07-17 Palo Alto Research Center Incorporated Singulation of ion-exchanged substrates
FR3080699B1 (fr) * 2018-04-27 2020-05-15 Ingenico Group Systeme de securisation d'un lecteur de carte magnetique, lecteur de carte magnetique et dispositif electronique correspondants.
US10717669B2 (en) 2018-05-16 2020-07-21 Palo Alto Research Center Incorporated Apparatus and method for creating crack initiation sites in a self-fracturing frangible member
FR3087937B1 (fr) * 2018-10-30 2021-05-14 Commissariat Energie Atomique Personnalisation d'un circuit integre lors de sa realisation
US11107645B2 (en) 2018-11-29 2021-08-31 Palo Alto Research Center Incorporated Functionality change based on stress-engineered components
US10947150B2 (en) 2018-12-03 2021-03-16 Palo Alto Research Center Incorporated Decoy security based on stress-engineered substrates
US10969205B2 (en) 2019-05-03 2021-04-06 Palo Alto Research Center Incorporated Electrically-activated pressure vessels for fracturing frangible structures
CN110191575B (zh) * 2019-06-18 2024-09-03 苏州明浩电子有限公司 双线型防撕柔性线路板
US12093924B2 (en) * 2020-09-24 2024-09-17 Sumup Payments Ltd. Secure cover with tamper resistant landing area
US11904986B2 (en) 2020-12-21 2024-02-20 Xerox Corporation Mechanical triggers and triggering methods for self-destructing frangible structures and sealed vessels
US12013043B2 (en) 2020-12-21 2024-06-18 Xerox Corporation Triggerable mechanisms and fragment containment arrangements for self-destructing frangible structures and sealed vessels
US20240184930A1 (en) * 2022-12-06 2024-06-06 International Business Machines Corporation Security technique for digital data on digital storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4811288A (en) * 1985-09-25 1989-03-07 Ncr Corporation Data security device for protecting stored data
US5159629A (en) * 1989-09-12 1992-10-27 International Business Machines Corp. Data protection by detection of intrusion into electronic assemblies
US6512454B2 (en) * 2000-05-24 2003-01-28 International Business Machines Corporation Tamper resistant enclosure for an electronic device and electrical assembly utilizing same
US6853093B2 (en) * 2002-12-20 2005-02-08 Lipman Electronic Engineering Ltd. Anti-tampering enclosure for electronic circuitry
US7054162B2 (en) * 2000-02-14 2006-05-30 Safenet, Inc. Security module system, apparatus and process
US7065656B2 (en) * 2001-07-03 2006-06-20 Hewlett-Packard Development Company, L.P. Tamper-evident/tamper-resistant electronic components
US20100024046A1 (en) * 2008-07-24 2010-01-28 Johnson Jr William S Methods and systems for detecting a lateral intrusion of a secure electronic component enclosure

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5389738A (en) * 1992-05-04 1995-02-14 Motorola, Inc. Tamperproof arrangement for an integrated circuit device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4811288A (en) * 1985-09-25 1989-03-07 Ncr Corporation Data security device for protecting stored data
US5159629A (en) * 1989-09-12 1992-10-27 International Business Machines Corp. Data protection by detection of intrusion into electronic assemblies
US7054162B2 (en) * 2000-02-14 2006-05-30 Safenet, Inc. Security module system, apparatus and process
US6512454B2 (en) * 2000-05-24 2003-01-28 International Business Machines Corporation Tamper resistant enclosure for an electronic device and electrical assembly utilizing same
US7065656B2 (en) * 2001-07-03 2006-06-20 Hewlett-Packard Development Company, L.P. Tamper-evident/tamper-resistant electronic components
US6853093B2 (en) * 2002-12-20 2005-02-08 Lipman Electronic Engineering Ltd. Anti-tampering enclosure for electronic circuitry
US20100024046A1 (en) * 2008-07-24 2010-01-28 Johnson Jr William S Methods and systems for detecting a lateral intrusion of a secure electronic component enclosure

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130161086A1 (en) * 2011-12-23 2013-06-27 Compagnie Industrielle Et Financiere D'ingenierie "Ingenico" Device for Protecting an Electronic Printed Circuit Board
US9055672B2 (en) * 2011-12-23 2015-06-09 Compagnie Industrielle et Financiere D'Ingenierie “Ingenico” Device for protecting an electronic printed circuit board
US8730715B2 (en) * 2012-03-26 2014-05-20 Honeywell International Inc. Tamper-resistant MRAM utilizing chemical alteration
US20140027028A1 (en) * 2012-07-27 2014-01-30 Johnson Electric S.A. Security wrap
US9481499B2 (en) * 2012-07-27 2016-11-01 Johnson Electric S.A. Security wrap
US10007811B2 (en) 2015-02-25 2018-06-26 Private Machines Inc. Anti-tamper system
US10572696B2 (en) 2015-02-25 2020-02-25 Private Machines Inc. Anti-tamper system
US10678958B2 (en) 2015-12-28 2020-06-09 Intelligent Technologies International, Inc. Intrusion-protected memory component

Also Published As

Publication number Publication date
US8953330B2 (en) 2015-02-10
US20110048756A1 (en) 2011-03-03
CN201532635U (zh) 2010-07-21
US20130188326A1 (en) 2013-07-25

Similar Documents

Publication Publication Date Title
US8953330B2 (en) Security protection device and method
US8593824B2 (en) Tamper secure circuitry especially for point of sale terminal
US9213869B2 (en) Magnetic stripe reading device
US9166586B2 (en) Fuel dispenser input device tamper detection arrangement
EP1160647B1 (en) Tamper detection in electronic devices
US9240291B2 (en) Rugged keypad
ES2210139T3 (es) Membrana elastomera antiintrusion para cajas electronicas aseguradas.
US20070016963A1 (en) PIN entry terminal having security system
US20070177363A1 (en) Multilayer printed circuit board having tamper detection circuitry
US20110122563A1 (en) Anti-tamper protected enclosure
US20100024046A1 (en) Methods and systems for detecting a lateral intrusion of a secure electronic component enclosure
Drimer et al. Thinking inside the box: system-level failures of tamper proofing
CN106781116B (zh) 一种智能pos终端核心区防护结构
TW201319859A (zh) 安全罩
US20210141946A1 (en) System, device and method for protecting information of a payment transaction using tamper-resistant portable stick computer device
EP2707859B1 (en) Fuel dispenser input device tamper detection arrangement
US11797966B2 (en) Tamper resistant device
US9831050B2 (en) Tamper resistant rugged keypad
US8947109B2 (en) Protection device, corresponding method and computer software product
US8587332B2 (en) Electronic protection module
TWI490728B (zh) 竄改防護元件及資料交換裝置
CN212009766U (zh) 芯片防拆结构和pos机
EP1801723B1 (en) Device for verifying an identification code
KR200480291Y1 (ko) 금융 단말기의 물리적 탐침 방지를 위한 장치의 커버 디바이스
JP7437664B1 (ja) 決済端末

Legal Events

Date Code Title Description
AS Assignment

Owner name: PAX COMPUTER TECHNOLOGY (SHENZHEN) CO., LTD., CHIN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SHI, SHUXIAN;SUN, HONGTAO;REEL/FRAME:024939/0854

Effective date: 20100902

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20210402

PRDP Patent reinstated due to the acceptance of a late maintenance fee

Effective date: 20220801

FEPP Fee payment procedure

Free format text: PETITION RELATED TO MAINTENANCE FEES FILED (ORIGINAL EVENT CODE: PMFP); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Free format text: PETITION RELATED TO MAINTENANCE FEES GRANTED (ORIGINAL EVENT CODE: PMFG); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Free format text: SURCHARGE, PETITION TO ACCEPT PYMT AFTER EXP, UNINTENTIONAL (ORIGINAL EVENT CODE: M1558); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 12